Date: Thu, 2 Oct 2003 12:08:44 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: freebsd-security@FreeBSD.org
Subject: HEADS UP: upcoming security advisories
Message-ID: <20031002170844.GA66592@madman.celabo.org>
Hello Folks,

Just a status on upcoming advisories.

FreeBSD-SA-03:15.openssh
This is in final review and should be released today. Fixes for this issue entered the tree on September 24. I apologize for the delay in getting this one out.

FreeBSD-SA-03:16.filedesc
A reference counting bug was discovered that could lead to kernel memory disclosure or a system panic. Fixes for this issue were committed to -CURRENT, -STABLE, and the security branches earlier today. This bug was reported to us by Joost Pol of Pine Digital Security, and their advisory just went onto the web:
<URL: http://www.pine.nl/press/pine-cert-20030901.txt >

FreeBSD-SA-03:17.procfs
Several similar bugs involving integer arithmetic underflows or overflows were identified, again by Joost Pol. These bugs could also lead to kernel memory disclosure or system panic. Fixes for this issue are in -CURRENT and -STABLE. The security branches will be addressed during the rest of the day.
<URL: http://www.pine.nl/press/pine-cert-20030902.txt >

FreeBSD-SA-03:18.openssl
The issue reported at
<URL: http://www.openssl.org/news/secadv_20030930.txt >
affects the version of OpenSSL included with previous versions of FreeBSD. The impact is limited to denial-of-service. Because of the relative severity of the above issues, this openssl issue will likely not be completely dealt with until tomorrow or even Saturday. The official fixed version, OpenSSL 0.9.7c, was imported into -CURRENT yesterday, and will be MFC'd to -STABLE today, but it will be a bit longer to backport fixes for the security branches.

Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se